Privacy Policy

Last updated: March 12, 2026

1. What We Do

EgressPulse is a passive Shadow AI detection platform. We monitor your cloud infrastructure logs to identify unauthorized use of AI services. Our access to your environment is strictly read-only. We never write to, modify, or delete anything in your cloud accounts.

2. Data We Collect

From your cloud environment (read-only):

  • Network metadata (IP addresses, ports, byte counts, timestamps)
  • Cloud audit trail entries (IAM role names, service actions)
  • DNS query metadata (domain names, query timestamps)

We do not collect request or response payloads, user content, credentials, or any personally identifiable information (PII) beyond IAM role identifiers.

From your use of the EgressPulse platform:

  • Account registration details (name, email, organization)
  • Authentication data (managed by Clerk)
  • Usage analytics (page views, feature usage)
  • Billing information (processed by Stripe)

3. How We Use Your Data

  • Detect and report unauthorized AI service usage in your environment
  • Generate compliance reports (ISO 42001, SOC 2, GDPR, HIPAA)
  • Calculate risk scores and trend analytics
  • Provide customer support and platform improvements
  • Process billing and enforce subscription limits

4. Data Residency and Storage

Your cloud logs remain in your own AWS account and region. EgressPulse queries logs in place and stores only processed detection results (aggregated metadata, not raw logs) in our infrastructure. Detection data is stored in AWS US regions with encryption at rest (AES-256) and in transit (TLS 1.2+).

5. Data Retention

Retention periods depend on your subscription tier. Upon account cancellation, data transitions to cold storage after 90 days and is permanently deleted at the end of your tier's retention period. You may request early deletion at any time.

6. Third-Party Services

  • Clerk - Authentication and identity management
  • Stripe - Payment processing and billing
  • AWS - Cloud infrastructure and data processing
  • Vercel - Frontend hosting and delivery

We do not sell, rent, or share your data with third parties for marketing purposes.

7. Your Rights

You have the right to:

  • Access and export your detection data at any time
  • Request correction of inaccurate account information
  • Request deletion of your data (7-day grace period applies)
  • Revoke cross-account access by removing the IAM role
  • Opt out of non-essential communications

8. Contact

For privacy-related questions or data requests, contact us at privacy@egresspulse.com.